Contents

Additional security options

SAVE AS PDF

Additional security options

The application has a wide variety of security options to choose from.

Depending on the security requirements of your particular deployment, it might make sense to run the system with all of its security options enabled.
Some of the options make the system more secure, but can offer additional complexity from an implementation standpoint.

All security settings in this page are configured in System Properties > Security.

When the system determines that a particular field (such as task.number) should not be written to by the current user, the system renders that field in a read-only mode, which is why the number field is not writable on most incidents.

From within client scripts, it is possible to query arbitrary data from the server via the AJAXGlideRecord (renamed to GlideAjax) API, by using a syntax similar to a server-side glide record. This is an extremely powerful and useful tool in many deployments.

Web service security is enforced using the combination of basic authentication challenge/response for the HTTP protocol, as well as system level access control using the Contextual Security Manager. Additionally, there is a set of web service specific roles that may be granted to the web service user.